Assign write/read permissions to Application Event Log to none admin users


The following powershell sniplet can do exactly that.

$Account = "ADACCOUNT" #Change this
Write-Host Looking up SID for account $Account
$AdObj = New-Object System.Security.Principal.NTAccount($Account)
$strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
Write-Host Found SID for account $strSID.Value

$w = wevtutil gl application

Write-Host $w

$channelAccess = $w[5]

if ($channelAccess.Contains("channelAccess:"))
$str = $channelAccess.Replace("channelAccess: ","")
if ($str.Contains($strSID.Value) -eq $false)
$newstr = $str +"(A;;0x3;;;"+$strSID.Value+")"
Write-Host "Adding " $newstr
wevtutil sl Application /ca:$newstr
Write-Host "Update complete new value is" -ForegroundColor Green
wevtutil gl application
Write-Host "Update not needed" -ForegroundColor Yellow